In an organization of, say, 5, you sometimes need to give many people access to the same EC2 instance.
Sharing the private key and the password between 5 users is definitely not a good idea!
So, how do you fix this problem? You create multiple accounts on the Linux EC2 instance and generate keys for each individual account. Here is how you do it:
Step 0. Log in as the default user, “ec2-user”:
    static-9:ec2_thelostlogbook utkarsh$ ssh -i my_key.pem ec2-user@111.111.11.111
Step 1. Create a new user; we will call our new user “john”:
    [ec2-user@ip-11-111-111-111 ~]$ sudo adduser john
Set a password for “john” with:
    [ec2-user@ip-11-111-111-111 ~]$ sudo su
    [root@ip-11-111-111-111 ec2-user]$ passwd john
Add “john” to the sudoers list with:
    [root@ip-11-111-111-111 ec2-user]$ visudo
and add this to the last line:
Alright! We have our new user created. Now you need to generate the key file that will be needed to log in, like my_key.pem in Step 0.
Now exit root and go back to ec2-user.
Step 2. Creating the public and private keys:
    [ec2-user@ip-11-111-111-111 ~]$ su john
Enter the password you created for “john” in Step 1.
    [john@ip-11-111-111-111 ec2-user]$ cd /home/john/
    [john@ip-11-111-111-111 ~]$ ssh-keygen -b 1024 -f john -t dsa
    [john@ip-11-111-111-111 ~]$ mkdir .ssh
    [john@ip-11-111-111-111 ~]$ chmod 700 .ssh
    [john@ip-11-111-111-111 ~]$ cat john.pub > .ssh/authorized_keys
    [john@ip-11-111-111-111 ~]$ chmod 600 .ssh/authorized_keys
    [john@ip-11-111-111-111 ~]$ sudo chown john:ec2-user .ssh
In the above step, john is the user we created and ec2-user is the default user group.
    [john@ip-11-111-111-111 ~]$ sudo chown john:ec2-user .ssh/authorized_keys
Step 3. Now you just need to download the key called “john”.
I use scp to download/upload files from EC2; here is how you can do it:
You will still need to copy the file using ec2-user, since you only have the key for that user name. So, you will need to copy the key to the ec2-user folder and chmod it to 777.
    [john@ip-11-111-111-111 ~]$ sudo cp john /home/ec2-user/
    [john@ip-11-111-111-111 ~]$ sudo chmod 777 /home/ec2-user/john
Now go to your local machine’s terminal, where you have the my_key.pem file, and do this:
    static-9:ec2_thelostlogbook utkarsh$ scp -i my_key.pem ec2-user@111.111.11.111:/home/ec2-user/john john
The above command will copy the key “john” to the present working directory on your local machine. Once you have copied the key to your local machine, you should delete “/home/ec2-user/john”, since it’s a private key.
Now, on your local machine, chmod john to 600.
    static-9:ec2_thelostlogbook utkarsh$ chmod 600 john
Step 4. Time to test your key:
    static-9:ec2_thelostlogbook utkarsh$ ssh -i john john@111.111.11.111
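
A hardened variant of Steps 2 and 3, as an added example that is not from the original post: each user generates the key pair on their own machine and only the public key is installed on the instance, so no private key is ever copied between accounts or made world-readable. It uses Ed25519 instead of DSA, which OpenSSH has disabled by default since version 7.0. The function names, the scratch directory and the sample keys are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). The user creates the key pair
# on their own machine, e.g.  ssh-keygen -t ed25519 -f john
# and sends only john.pub; the admin installs that one line on the instance.

# Accept modern public-key types only. "ssh-dss" (DSA) and anything that
# looks like private-key material are refused.
valid_pubkey() {
  case "$1" in
    *"PRIVATE KEY"*) return 1 ;;
    "ssh-ed25519 AAAA"* | "ssh-rsa AAAA"* | "ecdsa-sha2-nistp256 AAAA"*) return 0 ;;
    *) return 1 ;;
  esac
}

# install_pubkey HOME_DIR "PUBKEY LINE"
# Creates HOME_DIR/.ssh (0700) and authorized_keys (0600) and appends the key
# only if it is not already present. On a real instance run it as root with
# HOME_DIR=/home/john, then: chown -R john /home/john/.ssh
install_pubkey() {
  local home key dir file
  home=$1; key=$2
  dir="$home/.ssh"; file="$dir/authorized_keys"
  valid_pubkey "$key" || { echo "rejected: not an accepted public key" >&2; return 1; }
  mkdir -p "$dir" || return 1
  chmod 700 "$dir" || return 1
  touch "$file" || return 1
  chmod 600 "$file" || return 1
  grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# mode_of PATH prints the permission string, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo: a scratch directory stands in for /home/john; the keys are constructed
# placeholders in the right format, not usable keys.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEONLYNOTAREALKEY john@laptop'
install_pubkey "$demo_home" "$demo_key"
install_pubkey "$demo_home" 'ssh-dss AAAAB3NzaC1kc3MEXAMPLE john@old' || echo "DSA key refused"
mode_of "$demo_home/.ssh"
mode_of "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

With this flow the test in Step 4 is unchanged: the user logs in with the private key that stayed on their own machine.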
So, in this manner, you can set up multiple users to use one EC2 instance!